Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Inactive Anti-virus Program Conflicts with Active One


  • Please log in to reply
14 replies to this topic

#1 ManyQs

ManyQs

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:36 PM

Posted 28 May 2013 - 04:23 AM

On this page <_ http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/ _> I see this sentence: “Even if one of them is disabled for use as a stand-alone on demand scanner, it can affect the other and cause conflicts.”  The antecedent for "one of them" is "anti-virus program".

 

 I would like to ask if the author, or anyone, has a link to a published paper (or papers) that shows test results that outline the above sentence.

 

I'm not new to the Net, hardware, software, or security and have read many times about two active anti-virus products running simultaneously being a danger, and I have always taken that as true without asking for specific research papers on that point, but this one of an inactive product conflicting with an active product (anti-virus product, that is) — the concept/idea/contention that an inactive anti-virus product conflicting with an active anti-virus product I would like to see supported by research.  I have to assume that somebody has done the testing or research and I have been looking very hard for such, but so far have come up with no results.  Now I'm starting to ask around.

 

Thank you for your attention to my question, and I chose this forum because of the part in the title "Protection Methods".  If I erred in my choice of forum, please excuse me.

 



BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:36 PM

Posted 28 May 2013 - 07:05 AM

Hello ManyQs and Welcome -

I am not the author of the article, but I can quote one line, that from memory is from AVG or avast! -

 

Antivirus programs must install their drivers deep into the operating system for them to be effective... so even disabled antivirus programs can and will affect others that are installed.
 

If you read the reasoning behind loading installed drivers, this alone can also cause problems, and this is why we make sure you use the correct tool to remove all drivers from old Antivirus programs.

 

Also if you have more than one Antivirus installed, it is of no use unless it has been fully Updated, and to do this you would need to fully disable or uninstall the other program.

 

Online Antivirus scanners do not need to install in the same manner, since you install only half a program and the drivers are no longer active when the program has completd its job.

 

I do hope that this in some small way offers at least a part answer to your question -

 

Thank You for your question -

 

Please, do post back if you wish for more information, and you are more than welcomed at this forum -



#3 ManyQs

ManyQs
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:36 PM

Posted 28 May 2013 - 07:22 AM

Thank you for the response and welcome, Aussie Addict.  I don't recognize that from Avast, so maybe AVG.

 

I am aware of the common warning about one anti-virus product causing problems when installing another.  Seen a lot of that warning, as well the one about running two active at the same time.

 

Right now my focus is on one inactive and one active and, more importantly, I need a source for the claim.

 

Let me put it another way, if so many people are making the claim about one inactive and one active being a problem they must have gotten it from somebody and I wish to know who/where.

 

Truth is there are some that state there is no problem with one inactive and one active, if/once you get past installation.

 

So I'm looking for the source.  I'm looking for some research.  Some testing.  It must be out there, but I'm having a heck of a time finding it.

 

But, thanks again for your input.  If you find a research paper on this please let me know.


Edited by ManyQs, 28 May 2013 - 07:25 AM.


#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:36 PM

Posted 28 May 2013 - 08:50 AM

I do not have a "research paper" to link you to yet, but if you start to understand kernel drivers better you will be further on your trail.

 

In the mean time this link leads to a person with more information ----->

http://www.sheffieldforum.co.uk/showpost.php?p=6720296&postcount=5
Read the posts from waddler8 that describe kernel mode drivers, and follow his links.
If you can understand that part of the equation, you are on your way to further solving your other questions -

 

The author of the section that you are quoting here (quietman7) will be along soon and further describe in detail his postings.

 

Thank You -



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,141 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:36 AM

Posted 28 May 2013 - 10:54 AM

The information noknojon cited in Post #2 can be found in the AVG link listed under the section.
 

Anti-virus vendors recommend that you install and run only one anti-virus program at a time

Symantec's statement
Eset's Statement
Avast's statement
AVG's statement
Dell Support statement


It appears that the remaining vendors have updated their support pages so those links are no longer valid. As soon as I can I will start looking around to find where they have moved their warning statements and update the links acordinly.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,141 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:36 AM

Posted 28 May 2013 - 12:09 PM

I have already started replacing some of the other links.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 ManyQs

ManyQs
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:36 PM

Posted 28 May 2013 - 01:28 PM

I sincerely appreciate the help thus far and I will have to do some catching up after I get some sleep.  Please remember, though, it's the actual testing/research that is at the top of my list.

 

That being stated, I will happily and appreciatively accept all information any of you provide on this issue, as I have been studying this for a fair bit now and the more I dig the more questions seem to pop up.  *Sorry, I can't help myself when pun opportunity arises.

 

Moving on, a funny thing just popped into my head a short time ago.  Some reason I'd never thought of the following question before:  What about Windows Defender?  Not MSE, mind you.

 

Windows Defender cannot be uninstalled by the average user, maybe not even the above-average user, and many companies have a code that will auto inactivate Windows Defender when you install their product, but Windows Defender is still there and it is essentially an inactive real-time protection tool.  If this business of an inactive real-time product can pose a danger to an active product is so serious that all these companies are pretty much demanding we remove third-party products, why is Windows Defender not being treated in the same manner?

 

Sorry, that question popped into my mind just as I was trying to start a short sleep cycle.  As the Mod Squad fella can see from my IP address, I should already be in bed.

 

Again, thanks for all the feedback so far.  Hope you won't mind staying with me on this for however long it takes.

 

Wait, one more quick point that I remember that I saw in one of noknojon's posts.  This isn't being researched because I have a specific problem, so to speak.  It is essentially research.  I think you wrote something that indicated you thought I had some sort of problem.  Well, besides my mental problems, which  you didn't know about, of course.  I think you might have thought I have a specific software problem. 

 

In a general sense, I sort of have problems with warnings issued because somebody a person respects said something was so, and that person got it from a person he/she respects and you go back and back and back and suddenly you realize there doesn't seem to be a source.  An actual testing.  Some actual research.  It seems sometimes we repeat things because everyone else is repeating it.  So, you see, I'm looking for the source for this one.  Or sources.

 

Thank you all.  Now I try to count dinosaurs.  See, mental problems.  You count sheep, I count dinosaurs.


Edited by ManyQs, 28 May 2013 - 01:33 PM.


#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,141 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:36 AM

Posted 28 May 2013 - 01:44 PM

The version of Windows Defender included with all versions of Windows 7 and Vista is part of the operating system so it cannot be uninstalled. However, it can be disabled and it's service turned off.Windows Defender on Windows 8 is not the same as Defender on earlier operating systems. The new Windows Defender includes anti-virus protection similar to Microsoft Security Essentials (MSE).

Microsoft is adding a bunch of significant new security features in Windows 8, including Early Launch Anti Malware (ELAM), Unified Extensible Firmware Interface (UEFI), and the first edition of Windows Defender to protect not just against malware but also against viruses...Until Windows 8, Windows Defender protected against spyware only. Now, it also takes on viruses and other breeds of malware..

Windows 8 Security

-- Note: Windows Defender is turned on by default in Windows 7 and Vista. It is not uncommon for some anti-virus programs to disable Defender to avoid conflicts. If you uninstall your anti-virus and replace it with something else, the settings may change again.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,663 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:12:36 PM

Posted 28 May 2013 - 03:33 PM

Don't know of any papers on the subject. I suggest you look in Virus Bulletin Magazine (http://www.virusbtn.com/virusbulletin/archive/index).

And have you used Google Scholar to search for papers?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#10 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,663 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:12:36 PM

Posted 28 May 2013 - 03:56 PM

I found an article, but the link is dead.

 

 

 

Singh, Vijay Pal. "Role of Antivirus Software’s in Protecting Computers against Threats to their Installed Programmes." International Journal of Research and Reviews in Computer Science (IJRRCS) 2.6 (2012).

 

 

 

I'm posting a Google Scholar query for it:

http://scholar.google.com/scholar?q=%22using+more+than+one+real-time+antivirus%22


Edited by Didier Stevens, 28 May 2013 - 03:58 PM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#11 ManyQs

ManyQs
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:36 PM

Posted 29 May 2013 - 06:58 AM

Okey-dokey, had time to read the whole thread from where the waddler8 post came from that you provided the link for, noknojon.

 

Interesting that link he had to Jeff's article.  Truthfully, I'd forgotten that one, but remembered it the moment I saw it.  I'd read that some time ago.  I mean, a few years ago.

 

But getting back to waddler8's post and the copying he did in which I see something very interesting from Microsoft.

 

Before you install Microsoft Security Essentials, you should disable or uninstall other security-related programs.

 

I think of all companies we can figure Microsoft is going to be really careful with their language as they have the buckaroos to pay them high class lawyer types and that quote up there is using "or" which means it is an option to just disable the anti-virus product instead of uninstalling it.  And I'm going to bet a bunch of Shizuoka tea that it's used because of Windows Defender.  Also note they use the vocabulary "security-related programs" which is very clever.

 

Still, appreciate that link, noknojon, and don't forget me if you run into something else related.  Thank you.

 

quietman7 and Didier Stevens, let me get back to you after I do some reading and poking around into what you have contributed.  Hope some other folks will be coming into this conversation, too. 

 

Oh yes, I remember that the Google Scholar link showed a 403 page or some such *access-no-can-do* type page.  Just remembered I took a peek an hour or so ago.  Have too many computers at the work station.

 

That also reminds me, quietman7, please don't be concerned that my User Agent may show a difference in browser or OS from one day to the next, or sometimes within a short time frame.  I've got four computers with different configurations that I may use in no particular order.  I know some Mod folks keep an eye on a new member's User Agent.


Edited by ManyQs, 29 May 2013 - 07:01 AM.


#12 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:36 PM

Posted 29 May 2013 - 08:50 PM

Still, appreciate that link, noknojon, and don't forget me if you run into something else related

I have not "left you for dead" and for my own personal interests, I am still looking whenever I have the time.

 

Please note that Microsoft will always be more carefull than many private companies, as they are always asking to remove all other security when you ask them questions regarding MSE or Defender programs.

 

We know it is easy to blame others if there are small problems with your system in any way. M/soft do not even believe that Malwarebytes Pro can exist with MSE, but I do know many people that use both programs.

 

I do thank you for posting on this forum, but in your searches, have you ever asked at M/soft forums for their version, or have you just noted their general reply that "you can not do this" is standard, and usually not expanded on beyond that -

 

Have you found any links that may be of help to us here, as we are always more than willing to follow these up, and if suitable, add them to the fairly comprehensive list of tutorials and help files that are already here ?

 

Thank You -

EDIT -

I know some Mod folks keep an eye on a new member's User Agent.

This is only when a poster is being "unreasonable or offensive" towards others, or the forum in general.

You seem to be genuine in content, questions and replies so any check should not have been done.


Edited by noknojon, 29 May 2013 - 08:57 PM.


#13 ManyQs

ManyQs
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:36 PM

Posted 29 May 2013 - 11:49 PM

I think Microsoft's use of that vocabulary is quite smart because it seems with all the research I've been doing on this subject I have found that it seems no two in this field can agree on the definition of an anti-malware product.  Microsoft's use of that vocabulary, security-related programs, keeps that document out of the debate that has been going on for so long about the difference between an anti-malware product and an anti-virus product.

 

I also didn't allow enough scope in the topic title here to really enable us to go into that without it seeming to appear I was going off-topic

 

But if it's okay with y'all I'll be happy to get into that here.  It's an important area to this whole business.

 

Mind you, my priority is on finding research papers on the topic outlined in the topic title, but branching out isn't a problem with me.

 

I'm thinking that I ought to provide a little more background here.

 

I have been an Avast customer since leaving Norton about 2003 or 2004.  But I am leaving Avast, and we sure don't want to get into that in this thread, but I was dragged back onto the Avast forum because of an unusual event that took place.  A really unusual event.  An expired Avast product -- one-year license on that -- that product expired and I didn't uninstall it for reasons I think were justifiable at my end and there was nothing in any of their documentation that stated an expired product had to be uninstalled.  More importantly, I never signed any agreement to uninstall the product after it expired.

 

So I had that expired, so inactive product, on the last unit with an Avast product still installed and suddenly about ten days after it expired it was reactivated.

 

So that created a situation that required me to return to their forum and it's not been very pleasant over there.  Understandable, because I am not a very good company boy, so to speak.  I am not of the herd mentality.  So while asking those folks for specifics in the documentation and being dragged through the mud by one weirdo and being treated with a bit of .. well, like I've got a Net version of a plague -- I decided to go ahead and jump into a full research mode with both feet.

 

One of the first things I did was go through my notes and see what other sites might be a good place for discussion of this matter and this site has popped up from time-to-time over the years when doing a search for this-or-that. 

 

So I am essentially, in this first phase, into a search for the source of all this stuff about two anti-virus products can't be together even if one is inactive.  Kind of like those folks a few centuries back that were searching for the source of the Nile.  It must be out there somewhere, but where?  In this case, it's probably a couple of sources.  I sure hope so.

 

And I should add that nothing that is posted here will have any affect on the business at Avast.  That event is clear.  Clear as a black dog on a new field of snow.  They must (they will) inform me of why that event took place.

 

What I have started here is a general research project.  The Avast business just pushed this research to near the top of the list.

 

Moving on ... yes, I have an account over at Microsoft and might very well be asking them some questions specific to this matter, but not yet.

 

As for posting links, well, I already have a lot of notes and I was sort of wondering how far I should go with posting links here for this-or-that.  For example, some forums don't much care for links to other forums, and it's on other forums where I see a lot of interesting points of view.  And more frequently than not conflicting points of view.

 

There is also the problem that a lot of security related forums that are very active are tied to a given product and then one must deal with those company types that so often seem to have fogged up glasses.  A funny fog that only allows a "good" view of their own company's product.


Edited by ManyQs, 29 May 2013 - 11:53 PM.


#14 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:36 PM

Posted 30 May 2013 - 02:08 AM

You are quite correct with regards to any individual company that may have a program to sell or protect, but this site promotes no particular programs or asks for payment for the programs that are used. Although I am a member @ avast! I rarely visit these days except for forum questions.

 

The odd (or even bad) thing with purchasing Antivirus or other programs, is usually the EULA written in Latin at the end.

If we ever fully read these it would mean that you would never use a computer, because you spend a year fully reading and never fully understanding every word (did you fully read the forum rules prior to posting here).

 

I have been posting here for a couple of years and still get pulled up on minor errors in my answers :whistle:

Prior to here I was posting on several other forums that often promoted a program, so you would need to be very carefull.

(Back On Topic)

When you read the links usually left by quietman7 they are non committal in nature, rather they try to be objective in nature by showing a variety of choices, and general warnings where needed.

 

This site has, as I said, no debt to any other private company, and posting only one side of any argument always leads to disputes. However often a member may post that xxx program is better than yyy program, but those should usually be qualified with "In My Opinion Only" as I do.

 

You have opened an almost untouched topic by asking for related notes or research documents on this subject, and I personally also find it an interesting subject.

 

I can add that Antivirus (specific) and Antimalware (specific) programs have changed over the last year or so, to the extent that many Antivirus programs now claim Antimalware properties also.

 

Must go (just had one of those bogus "I'm from M/soft" calls from India :devil: ) and it took too long to listen to their garbage, that I am behind in normal work -



#15 ManyQs

ManyQs
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:36 PM

Posted 31 May 2013 - 06:35 AM

In the process of trying to track down that article that Didier Stevens referred to above I came across this site.

 

http://connection.ebscohost.com/tag/ANTIVIRUS%20software&offset

 

I don't know how many articles they have listed, but it seems like a lot.

 

I can at least see an abstract for each, but in this country I certainly don't have any library access to their services.

 

Still, it's interesting enough to post a note about it here.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users